Public exploit · Metasploit Module

IBM Personal Communications iSeries Access WorkStation 5.9 Profile

Published Rocco Calvi

Exploit summary

A stack-based buffer overflow in IBM Personal Communications allows arbitrary code execution through malicious WorkStation profile files. The vulnerability exists in pcspref.dll where the application does not perform bounds checking on strcpy operations, enabling data to overwrite return addresses. The exploit bypasses DEP and ASLR on Windows XP, Vista, and Windows 7.

Source & references